CVE-2021-20677
low-risk
Published 2021-03-26
UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command.
Do I need to act?
-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10
Low
NETWORK
/ HIGH complexity
Affected Products (4)
Univerge Aspire Wx Firmware
Univerge Aspire Ux Firmware
Univerge Sv9100 Firmware
Sl2100 Firmware
Affected Vendors
References (4)
Third Party Advisory
https://jvn.jp/en/jp/JVN12737530/index.html
Vendor Advisory
https://www.necplatforms.co.jp/en/press/security_adv.html
Third Party Advisory
https://jvn.jp/en/jp/JVN12737530/index.html
Vendor Advisory
https://www.necplatforms.co.jp/en/press/security_adv.html
22
/ 100
low-risk
Severity
11/34 · Low
Exploitability
1/34 · Minimal
Exposure
10/34 · Low